Constant unresolvable alias alerts



  • I'm getting the following 2 alerts all the time, and it also emails them to me.  Getting pretty annoying at this point to be honest.  Why is it happening and how can I fix or stop it?

    Unresolvable source alias 'pfB_IPBlocking' for rule 'pfB_IPBlocking auto rule'
    Unresolvable destination alias 'pfB_IPBlocking' for rule 'pfB_IPBlocking auto rule'

    Any help is appreciated, thanks.



  • What do you see in pfBlockerNG Logs when you run a Force Update or a Force Reload IP ?



  • Force IP:

     UPDATE PROCESS START [ 12/09/17 09:49:27 ]
    
    ===[  DNSBL Process  ]================================================
    
    [ EasyList_No_Elements ] exists.
    [ EasyList_Privacy ]	 exists.
    [ StevenBlack ]		 exists.
    [ MalwareDomains ]	 exists.
    [ Cameleon ]		 exists.
    [ Zeustracker ]		 exists.
    [ DisconnectMeTracking ] exists.
    [ DisconnectMeAds ]	 exists.
    [ HostsFileNet ]	 exists.
    [ DNSBL_IP ]		 Updating aliastable [ 12/09/17 09:49:28 ]... 
      no changes.
      Total IP count = 55
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv6 Process  ]=================================================
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update
    
    ===[  Kill States  ]==================================================
    
     No matching states found
    ======================================================================
    
     UPDATE PROCESS ENDED [ 12/09/17 09:49:35 ]
    
    

    Force Reload All:

    UPDATE PROCESS START [ 12/09/17 09:50:55 ]
    
    ===[  DNSBL Process  ]================================================
    
    [ EasyList_No_Elements ] Reload [ 12/09/17 09:50:56 ] . completed ..
      Whitelist: entrecard.s3.amazonaws.com|ltassrv.com.s3.amazonaws.com|
      Alexa Whitelist: absoluteclickscom.com|ad-apac.doubleclick.net|ad-emea.doubleclick.net|ad.doubleclick.net|ad.mo.doubleclick.net|adexchangecloud.com|bongacams.com|buzzadnetwork.com|cm.g.doubleclick.net|codeonclick.com|directrev.com|doubleclick.net|doublepimp.com|doublepimpssl.com|exdynsrv.com|exoclick.com|exosrv.com|flirt4free.com|fwbntw.com|gan.doubleclick.net|googleads.g.doubleclick.net|iv.doubleclick.net|iwanttodeliver.com|jsmjmp.com|junbi-tracker.com|liveadexchanger.com|mellowads.com|mysagagame.com|n4403ad.doubleclick.net|neobux.com|partner.video.syndication.msn.com|popads.net|popcash.net|popmyads.com|prpops.com|pubads.g.doubleclick.net|reallifecam.com|smartadtags.com|speakol.com|tradedoubler.com|traffic-media.co|valuecommerce.com|velocecdn.com|wzus1.ask.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      10012    9476       0          2          44         9430                 
      ----------------------------------------------------------------------
      IP count=38
    
    [ EasyList_Privacy ]	 Reload [ 12/09/17 09:51:19 ] . completed ..
      Whitelist: optimizely.com|
      Alexa Whitelist: cnzz.com|doubleclick.net|shareasale.com|tradedoubler.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      3088     3064       28         1          4          3031                 
      ----------------------------------------------------------------------
      IP count=16
    
    [ StevenBlack ]		 Reload [ 12/09/17 09:51:23 ] . completed ..
      Whitelist: 3459571470.log.optimizely.com|adagiobanner.s3.amazonaws.com|admarvel.s3.amazonaws.com|ads.linkedin.com|ads.twitter.com|adtago.s3.amazonaws.com|advert.funimation.com|advice-ads.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|c.msn.com|campaign-tapad.s3.amazonaws.com|cdn.installationsafe.net.s3.amazonaws.com|cdn.optimizely.com|cdn3.optimizely.com|digital-ads.s3.amazonaws.com|ecommstats.s3.amazonaws.com|entrecard.s3.amazonaws.com|exitsplash.s3.amazonaws.com|gx-in-f109.1e100.net|html5adkit.plusmo.s3.amazonaws.com|htmlads.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|js-agent.newrelic.com|load.s3.amazonaws.com|localhost.localdomain|log.optimizely.com|log3.optimizely.com|mackeeper-land-672695126.us-east-1.elb.amazonaws.com|matchbin-assets.s3.amazonaws.com|mobileanalytics.us-east-1.amazonaws.com|mobileanalytics.us-east-2.amazonaws.com|mobileanalytics.us-west-1.amazonaws.com|mobileanalytics.us-west-2.amazonaws.com|mondoads.s3.amazonaws.com|mu-in-f167.1e100.net|ncads.s3.amazonaws.com|odds.optimizely.com|p.twitter.com|scribe.twitter.com|slate-ad-scripts.s3.amazonaws.com|springclick-ads.s3.amazonaws.com|static-shareaholic.s3.amazonaws.com|strikeadcdn.s3.amazonaws.com|sync.cmedia.s3.amazonaws.com|tracking.opencandy.com.s3.amazonaws.com|viewerstats.docstoc.com.s3.amazonaws.com|vml1.s3.amazonaws.com|yab-adimages.s3.amazonaws.com|yx-in-f108.1e100.net|znaptag-us.s3.amazonaws.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      43001    43001      1305       52         0          41644                
      ----------------------------------------------------------------------
      IP count=1
    
    [ MalwareDomains ]	 Reload [ 12/09/17 09:51:53 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      14906    14906      300        0          0          14606                
      ----------------------------------------------------------------------
    
    [ Cameleon ]		 Reload [ 12/09/17 09:52:07 ] . completed ..
      Whitelist: 3459571470.log.optimizely.com|ads.twitter.com|advert.funimation.com|analytics.twitter.com|cdn.optimizely.com|cdn3.optimizely.com|js-agent.newrelic.com|log.optimizely.com|log3.optimizely.com|odds.optimizely.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      20629    20629      12426      10         0          8193                 
      ----------------------------------------------------------------------
    
    [ Zeustracker ]		 Reload [ 12/09/17 09:52:20 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      401      401        8          0          0          393                  
      ----------------------------------------------------------------------
    
    [ DisconnectMeTracking ] Reload [ 12/09/17 09:52:24 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      34       34         13         0          0          21                   
      ----------------------------------------------------------------------
    
    [ DisconnectMeAds ]	 Reload [ 12/09/17 09:52:27 ] . completed ..
      Whitelist: admarvel.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|entrecard.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|yab-adimages.s3.amazonaws.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      2703     2703       2341       6          0          356                  
      ----------------------------------------------------------------------
    
    [ HostsFileNet ]	 Reload [ 12/09/17 09:52:31 ] . completed ..
      Whitelist: 137852403.log.optimizely.com|196179102.log.optimizely.com|2426010203.log.optimizely.com|2449650414.log.optimizely.com|2570540166.log.optimizely.com|2926210385.log.optimizely.com|3480025.log.optimizely.com|38179760.log.optimizely.com|401591473.log.optimizely.com|554924358.log.optimizely.com|74647825.log.optimizely.com|9785216.log.optimizely.com|a6522.s3-website-us-east-1.amazonaws.com|admarvel.s3.amazonaws.com|ads.linkedin.com|ads_ad_center.s3.amazonaws.com|adstracking.s3-website-us-west-1.amazonaws.com|advice-ads.s3.amazonaws.com|advrts.s3.amazonaws.com|adzerk-www.s3.amazonaws.com|airpushmarketing.s3.amazonaws.com|analytics.twitter.com|analyticsengine.s3.amazonaws.com|api.optimizely.com|arabmistress.s3.amazonaws.com|blamads-assets.s3.amazonaws.com|bo-videos.s3.amazonaws.com|btg.mtvnservices.com|c.microsoft.com|c.msn.com|c1.microsoft.com|cadreon.s3.amazonaws.com|campaign-tapad.s3.amazonaws.com|cd-ladsp-com.s3.amazonaws.com|cdn.optimizely.com|cdn2.optimizely.com|cdn3.optimizely.com|ce2-dev-trk.s3.amazonaws.com|ce2-dev.s3.amazonaws.com|chartaca.com.s3.amazonaws.com|cloudfront-labs.amazonaws.com|collector-cdn.github.com|com.djinnworks.sdm.s3.amazonaws.com|convertglobal.s3.amazonaws.com|dban4-549565586.eu-west-1.elb.amazonaws.com|demandmedia.s3.amazonaws.com|deskwww.s3.amazonaws.com|ec2-54-171-97-32.eu-west-1.compute.amazonaws.com|ec2-54-225-149-4.compute-1.amazonaws.com|ec2-54-235-183-132.compute-1.amazonaws.com|epowernetworktrackerimages.s3.amazonaws.com|evs-hosted-14facd241e1c08.s3.amazonaws.com|forumwarz.s3.amazonaws.com|gateways.s3.amazonaws.com|getbarometer.s3.amazonaws.com|getsidecar.s3.amazonaws.com|gfaf-banners.s3.amazonaws.com|homad-global-configs-eu-fra.schneevonmorgen.com.s3.amazonaws.com|html5adkit.plusmo.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|immassets.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|inpref.s3-external-3.amazonaws.com|inpref.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|js-agent.newrelic.com|kkastatic.s3.amazonaws.com|kraken-measurements.s3.amazonaws.com|livechat.s3.amazonaws.com|log.optimizely.com|loved-by.s3.amazonaws.com|ltassrv.com.s3.amazonaws.com|magnify360-cdn.s3.amazonaws.com|matchbin-assets.s3.amazonaws.com|myadserve.s3-website-us-east-1.amazonaws.com|newbuzz-collection-1925855828.us-east-1.elb.amazonaws.com|news-whistleout.s3.amazonaws.com|nmtracking.netflix.com|nxa-ls.s3.amazonaws.com|optimizely.com|optimizely.s3.amazonaws.com|pivotal.github.com|platform.linkedin.com|research.netflix.com|rich-agent.s3.amazonaws.com|s3-tracking.synthasite.net.s3.amazonaws.com|sana.newsinc.com.s3.amazonaws.com|sdsbucket.s3.amazonaws.com|spyhunter-download.s3.amazonaws.com|strikeadcdn.s3.amazonaws.com|thetradedesk-tags.s3.amazonaws.com|trafficads.s3-website-us-west-1.amazonaws.com|tree-pixel-log.s3.amazonaws.com|twitter-badges.s3.amazonaws.com|us-east-1.profile-api.ads.linkedin.com|vice-ads.s3.amazonaws.com|waiwidgets-1246822334.eu-west-1.elb.amazonaws.com|whistleout.s3.amazonaws.com|yc-ads.s3.amazonaws.com|
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      48524    48521      9091       99         0          39331                
      ----------------------------------------------------------------------
    
    [ DNSBL_IP ]		 Updating aliastable [ 12/09/17 09:53:33 ]... 
      no changes.
      Total IP count = 55
    
    ------------------------------------------
    Assembling database... completed
    Validating database... completed [ 12/09/17 09:54:18 ]
    Reloading Unbound.... completed
    DNSBL update [ 117005 | PASSED  ]... completed [ 12/09/17 09:55:20 ]
    ------------------------------------------
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv6 Process  ]=================================================
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update
    
    ===[  Kill States  ]==================================================
    
     No matching states found
    ======================================================================
    
    ===[ FINAL Processing ]=====================================
    
       [ Original IP count   ]  [ 0 ]
    
       [ Final IP Count  ]  [ 0 ]
    
    ===[ DNSBL Domain/IP Counts ] ===================================
    
      117060 total
       41644 /var/db/pfblockerng/dnsbl/StevenBlack.txt
       39331 /var/db/pfblockerng/dnsbl/HostsFileNet.txt
       14606 /var/db/pfblockerng/dnsbl/MalwareDomains.txt
        9430 /var/db/pfblockerng/dnsbl/EasyList_No_Elements.txt
        8193 /var/db/pfblockerng/dnsbl/Cameleon.txt
        3031 /var/db/pfblockerng/dnsbl/EasyList_Privacy.txt
         393 /var/db/pfblockerng/dnsbl/Zeustracker.txt
         356 /var/db/pfblockerng/dnsbl/DisconnectMeAds.txt
          38 /var/db/pfblockerng/dnsbl/EasyList_No_Elements.ip
          21 /var/db/pfblockerng/dnsbl/DisconnectMeTracking.txt
          16 /var/db/pfblockerng/dnsbl/EasyList_Privacy.ip
           1 /var/db/pfblockerng/dnsbl/StevenBlack.ip
    ===============================================================
    
    Database Sanity check [  PASSED  ]
    ------------------------
    Masterfile/Deny folder uniq check
    Deny folder/Masterfile uniq check
    
    Sync check (Pass=No IPs reported)
    ----------
    
    IPv4 alias tables IP count
    -----------------------------
    55
    
    IPv6 alias tables IP count
    -----------------------------
    0
    
    Alias table IP Counts
    -----------------------------
          55 total
          55 /var/db/aliastables/pfB_DNSBLIP.txt
           0 /var/db/aliastables/pfB_MaliciousIPs.txt
    
    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         4039
    
     UPDATE PROCESS ENDED [ 12/09/17 09:55:31 ]
    


  • I don't see any IPBlocking table.
    If you have created FW rules using and inexistant pfB_IPBlocking alias, you will get those messages.
    Either enable the IPBlocking table or remove the FW Rules using it.



  • @RonpfS:

    I don't see any IPBlocking table.
    If you have created FW rules using and inexistant pfB_IPBlocking alias, you will get those messages.
    Either enable the IPBlocking table or remove the FW Rules using it.

    Oh… OK so let me make sure I know what you mean.

    I have no lists in PFBlockerNG IPv4 or IPv6.  That's what you mean by the IPBlocking table?
    In firewall alias URLs, I have one entry for pfB_DNSBLIP
    In firewall alias IP, I have 2 entries, one for ms telemetry and one for acme lets encrypt
    In firewall rules, I have an entry for pfB_DNSBLIP and pfB_IPBlocking.

    I believe the firewall rules were created automatically.  I added the MS telemetry list.

    What exactly do I need to do to remove or activate things?



  • @lordbob75:

    In firewall rules, I have an entry for pfB_DNSBLIP and pfB_IPBlocking.

    You have problem with "pfB_IPBlocking" that might have been created by pfBlockerNG at some point, but now it uses "Unresolvable source/destination alias 'pfB_IPBlocking' ". So remove those rules.



  • @RonpfS:

    You have problem with "pfB_IPBlocking" that might have been created by pfBlockerNG at some point, but now it uses "Unresolvable source/destination alias 'pfB_IPBlocking' ". So remove those rules.

    OK, I've deleted that rule on the WAN and LAN interfaces.  It does look like the alerts have stopped.  Thank you so much!

    I don't believe there will be, but could deleting that cause any problems?



  • @lordbob75:

    I don't believe there will be, but could deleting that cause any problems?

    Well I don't know, maybe at some point you did some tests and now it's not needed.
    Removing them already solved the email problem ;)  ;D



  • @RonpfS:

    @lordbob75:

    I don't believe there will be, but could deleting that cause any problems?

    Well I don't know, maybe at some point you did some tests and now it's not needed.
    Removing them already solved the email problem ;)  ;D

    Fairly sure I messed with some IP lists at some point, but never noticed the new rule or whatever.  Still don't know a whole lot about networking and firewalls so I don't always recognize things like this.

    Alerts have definitely gone away at this point, thank you so much for helping me nail that down.


Log in to reply